[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 20 08:37:42 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
daabfe61 by Salvatore Bonaccorso at 2024-01-20T09:37:14+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,71 +1,71 @@
CVE-2024-23689 (Exposure of sensitive information in exceptions in ClichHouse's clickh ...)
TODO: check
CVE-2024-23688 (Consensys Discovery versions less than 0.4.5 uses the same AES/GCM non ...)
- TODO: check
+ NOT-FOR-US: Consensys Discovery
CVE-2024-23687 (Hard-coded credentials in FOLIO mod-data-export-spring versions before ...)
- TODO: check
+ NOT-FOR-US: FOLIO mod-data-export-spring
CVE-2024-23686 (DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0 ...)
TODO: check
CVE-2024-23685 (Hard-coded credentials in mod-remote-storage versions under 1.7.2 and ...)
- TODO: check
+ NOT-FOR-US: mod-remote-storage
CVE-2024-23684 (Inefficient algorithmic complexity in DecodeFromBytes function in com. ...)
TODO: check
CVE-2024-23683 (Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: Artemis Java Test Sandbox
CVE-2024-23682 (Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sa ...)
- TODO: check
+ NOT-FOR-US: Artemis Java Test Sandbox
CVE-2024-23681 (Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a s ...)
- TODO: check
+ NOT-FOR-US: Artemis Java Test Sandbox
CVE-2024-23680 (AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9. ...)
TODO: check
CVE-2024-23679 (Enonic XP versions less than 7.7.4 are vulnerable to a session fixatio ...)
- TODO: check
+ NOT-FOR-US: Enonic XP
CVE-2024-23332 (The Notary Project is a set of specifications and tools intended to pr ...)
- TODO: check
+ NOT-FOR-US: Notary Project
CVE-2024-22421 (JupyterLab is an extensible environment for interactive and reproducib ...)
TODO: check
CVE-2024-22420 (JupyterLab is an extensible environment for interactive and reproducib ...)
TODO: check
CVE-2024-0758 (MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A r ...)
- TODO: check
+ NOT-FOR-US: MolecularFaces
CVE-2024-0739 (A vulnerability, which was classified as critical, was found in Hechen ...)
- TODO: check
+ NOT-FOR-US: Hecheng Leadshop
CVE-2024-0738 (A vulnerability, which was classified as critical, has been found in \ ...)
- TODO: check
+ NOT-FOR-US: mldong
CVE-2024-0737 (A vulnerability classified as problematic was found in Xlightftpd Xlig ...)
- TODO: check
+ NOT-FOR-US: Xlightftpd Xlight FTP Server
CVE-2024-0736 (A vulnerability classified as problematic has been found in EFS Easy F ...)
- TODO: check
+ NOT-FOR-US: EFS Easy File Sharing FTP
CVE-2024-0735 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2024-0734 (A vulnerability was found in Smsot up to 2.12. It has been declared as ...)
- TODO: check
+ NOT-FOR-US: Smsot
CVE-2024-0733 (A vulnerability was found in Smsot up to 2.12. It has been classified ...)
- TODO: check
+ NOT-FOR-US: Smsot
CVE-2024-0679 (The ColorMag theme for WordPress is vulnerable to unauthorized access ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-0623 (The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51928 (An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmon ...)
- TODO: check
+ NOT-FOR-US: YonBIP
CVE-2023-51927 (YonBIP v3_23.05 was discovered to contain a SQL injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: YonBIP
CVE-2023-51926 (YonBIP v3_23.05 was discovered to contain an arbitrary file read vulne ...)
- TODO: check
+ NOT-FOR-US: YonBIP
CVE-2023-51925 (An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmon ...)
- TODO: check
+ NOT-FOR-US: YonBIP
CVE-2023-51924 (An arbitrary file upload vulnerability in the uap.framework.rc.itf.IRe ...)
- TODO: check
+ NOT-FOR-US: YonBIP
CVE-2023-51906 (An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute ...)
- TODO: check
+ NOT-FOR-US: YonBIP
CVE-2023-51892 (An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: weaver e-cology
CVE-2023-49329 (Anomali Match before 4.6.2 allows OS Command Injection. An authenticat ...)
- TODO: check
+ NOT-FOR-US: Anomali Match
CVE-2023-47024 (Cross Site Request Forgery vulnerability in NCR Terminal Handler v.1.5 ...)
- TODO: check
+ NOT-FOR-US: NCR Terminal Handler
CVE-2023-46447 (The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth ...)
- TODO: check
+ NOT-FOR-US: POPS! Rebel
CVE-2024-23331 (Vite is a frontend tooling framework for javascript. The Vite dev serv ...)
TODO: check
CVE-2024-23329 (changedetection.io is an open source tool designed to monitor websites ...)
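Review bot: CVE-2024-23685 is tagged "NOT-FOR-US: mod-remote-storage" with no project name, while CVE-2024-23687 two entries above it is tagged "NOT-FOR-US: FOLIO mod-data-export-spring". If mod-remote-storage belongs to the same FOLIO project, write "NOT-FOR-US: FOLIO mod-remote-storage" so that a search of the list for FOLIO finds both entries and later CVEs for that project can be matched against one name. Separately, for CVE-2024-0738 the description is cut off before the product name ("has been found in \ ..."), so "NOT-FOR-US: mldong" cannot be checked against the visible text and is worth confirming against the full CVE description.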
@@ -101,9 +101,9 @@ CVE-2024-22911 (A stack-buffer-underflow vulnerability was found in SWFTools v0.
- swftools <removed>
NOTE: https://github.com/matthiaskramm/swftools/issues/216
CVE-2024-22877 (StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scriptin ...)
- TODO: check
+ NOT-FOR-US: StrangeBee TheHive
CVE-2024-22876 (StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: StrangeBee TheHive
CVE-2024-22563 (openvswitch 2.17.8 was discovered to contain a memory leak via the fun ...)
- openvswitch <undetermined>
NOTE: https://github.com/openvswitch/ovs-issues/issues/315
@@ -191407,7 +191407,7 @@ CVE-2021-31315 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram
- rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885)
NOTE: https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow/
CVE-2021-31314 (File upload vulnerability in ejinshan v8+ terminal security system all ...)
- TODO: check
+ NOT-FOR-US: ejinshan v8+ terminal security system
CVE-2021-31313
RESERVED
CVE-2021-31312
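Review bot: the tag on CVE-2021-31314, "NOT-FOR-US: ejinshan v8+ terminal security system", keeps the version qualifier "v8+" from the description, whereas the other tags in this commit drop versions and keep only the product (the description "YonBIP v3_23.05 was discovered ..." becomes "NOT-FOR-US: YonBIP", and "weaver e-cology v.10.0.2310.01" becomes "NOT-FOR-US: weaver e-cology"). Suggest "NOT-FOR-US: ejinshan terminal security system" so the tag still matches if a later CVE for the same product names a different version.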
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daabfe618448a1ea2541fdba6fb4c010e47229f1